![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 173223a)
raw | patch | inline | side by side (parent: 173223a)
| author | Jonathan Nieder <jrnieder@gmail.com> | |
| Thu, 2 Feb 2012 11:03:16 +0000 (05:03 -0600) | ||
| committer | Junio C Hamano <gitster@pobox.com> | |
| Thu, 2 Feb 2012 19:03:30 +0000 (11:03 -0800) |
There is no reason in principle that an svn-format dump would not be
able to represent a file whose length does not fit in a 32-bit
integer. Use off_t consistently to represent file lengths (in place
of using uint32_t in some contexts) so we can handle that.
Most svn-fe code is already ready to do that without this patch and
passes values of type off_t around. The type mismatch from stragglers
was noticed with gcc -Wtype-limits.
While at it, tighten the parsing of the Text-content-length field to
make sure it is a number and does not overflow, and tighten other
overflow checks as that value is passed around and manipulated.
Inspired-by: Ramsay Jones <ramsay@ramsay1.demon.co.uk>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
able to represent a file whose length does not fit in a 32-bit
integer. Use off_t consistently to represent file lengths (in place
of using uint32_t in some contexts) so we can handle that.
Most svn-fe code is already ready to do that without this patch and
passes values of type off_t around. The type mismatch from stragglers
was noticed with gcc -Wtype-limits.
While at it, tighten the parsing of the Text-content-length field to
make sure it is a number and does not overflow, and tighten other
overflow checks as that value is passed around and manipulated.
Inspired-by: Ramsay Jones <ramsay@ramsay1.demon.co.uk>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| vcs-svn/fast_export.c | patch | blob | history | |
| vcs-svn/fast_export.h | patch | blob | history | |
| vcs-svn/svndump.c | patch | blob | history |
diff --git a/vcs-svn/fast_export.c b/vcs-svn/fast_export.c
index 19d7c34c25d7b41e5920ad252784b23771321392..b823b8519c6dc76aa534e056c44eea7210e716f5 100644 (file)
--- a/vcs-svn/fast_export.c
+++ b/vcs-svn/fast_export.c
return ret;
}
-void fast_export_data(uint32_t mode, uint32_t len, struct line_buffer *input)
+void fast_export_data(uint32_t mode, off_t len, struct line_buffer *input)
{
+ assert(len >= 0);
if (mode == REPO_MODE_LNK) {
/* svn symlink blobs start with "link " */
+ if (len < 5)
+ die("invalid dump: symlink too short for \"link\" prefix");
len -= 5;
if (buffer_skip_bytes(input, 5) != 5)
die_short_read(input);
}
- printf("data %"PRIu32"\n", len);
+ printf("data %"PRIuMAX"\n", (uintmax_t) len);
if (buffer_copy_bytes(input, len) != len)
die_short_read(input);
fputc('\n', stdout);
void fast_export_blob_delta(uint32_t mode,
uint32_t old_mode, const char *old_data,
- uint32_t len, struct line_buffer *input)
+ off_t len, struct line_buffer *input)
{
long postimage_len;
- if (len > maximum_signed_value_of_type(off_t))
- die("enormous delta");
- postimage_len = apply_delta((off_t) len, input, old_data, old_mode);
+
+ assert(len >= 0);
+ postimage_len = apply_delta(len, input, old_data, old_mode);
if (mode == REPO_MODE_LNK) {
buffer_skip_bytes(&postimage, strlen("link "));
postimage_len -= strlen("link ");
diff --git a/vcs-svn/fast_export.h b/vcs-svn/fast_export.h
index 43d05b65efad14d5658614185098b67146cadd79..aa629f54ff5b49075eb6dafd1d480077fa8c16f2 100644 (file)
--- a/vcs-svn/fast_export.h
+++ b/vcs-svn/fast_export.h
const struct strbuf *log, const char *uuid,
const char *url, unsigned long timestamp);
void fast_export_end_commit(uint32_t revision);
-void fast_export_data(uint32_t mode, uint32_t len, struct line_buffer *input);
+void fast_export_data(uint32_t mode, off_t len, struct line_buffer *input);
void fast_export_blob_delta(uint32_t mode,
uint32_t old_mode, const char *old_data,
- uint32_t len, struct line_buffer *input);
+ off_t len, struct line_buffer *input);
/* If there is no such file at that rev, returns -1, errno == ENOENT. */
int fast_export_ls_rev(uint32_t rev, const char *path,
diff --git a/vcs-svn/svndump.c b/vcs-svn/svndump.c
index ca63760fe2108e5df0b0c84c85a8cfce5878c78a..644fdc71ba8c665f5dfadd552c3da63f4d8498e9 100644 (file)
--- a/vcs-svn/svndump.c
+++ b/vcs-svn/svndump.c
static struct line_buffer input = LINE_BUFFER_INIT;
static struct {
- uint32_t action, propLength, textLength, srcRev, type;
+ uint32_t action, propLength, srcRev, type;
+ off_t text_length;
struct strbuf src, dst;
uint32_t text_delta, prop_delta;
} node_ctx;
node_ctx.type = 0;
node_ctx.action = NODEACT_UNKNOWN;
node_ctx.propLength = LENGTH_UNKNOWN;
- node_ctx.textLength = LENGTH_UNKNOWN;
+ node_ctx.text_length = -1;
strbuf_reset(&node_ctx.src);
node_ctx.srcRev = 0;
strbuf_reset(&node_ctx.dst);
{
const uint32_t type = node_ctx.type;
const int have_props = node_ctx.propLength != LENGTH_UNKNOWN;
- const int have_text = node_ctx.textLength != LENGTH_UNKNOWN;
+ const int have_text = node_ctx.text_length != -1;
/*
* Old text for this node:
* NULL - directory or bug
}
if (!node_ctx.text_delta) {
fast_export_modify(node_ctx.dst.buf, node_ctx.type, "inline");
- fast_export_data(node_ctx.type, node_ctx.textLength, &input);
+ fast_export_data(node_ctx.type, node_ctx.text_length, &input);
return;
}
fast_export_modify(node_ctx.dst.buf, node_ctx.type, "inline");
fast_export_blob_delta(node_ctx.type, old_mode, old_data,
- node_ctx.textLength, &input);
+ node_ctx.text_length, &input);
}
static void begin_revision(void)
break;
case sizeof("Text-content-length"):
if (!constcmp(t, "Text-content-length")) {
- node_ctx.textLength = atoi(val);
+ char *end;
+ uintmax_t textlen;
+
+ textlen = strtoumax(val, &end, 10);
+ if (!isdigit(*val) || *end)
+ die("invalid dump: non-numeric length %s", val);
+ if (textlen > maximum_signed_value_of_type(off_t))
+ die("unrepresentable length in dump: %s", val);
+ node_ctx.text_length = (off_t) textlen;
break;
}
if (constcmp(t, "Prop-content-length"))